Revision Security

We value your data and are committed to keeping it safe and secure. This document outlines some of the ways we handle your data with care in transit and at rest.

Organizational Security

We are a small team. Here are some of the best practices we’ve adopted:

  • Access to servers, source code, and third-party tools is limited to core team members.
  • We use strong, randomly-generated passwords stored in a password manager (1Password).
  • Employees and contractors are given the lowest level of access that allows them to get their work done. This rarely includes access to production systems or data.
  • We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues. We are aggressive about applying patches and deploying quickly.
  • We don’t copy production data to external devices (like personal laptops).

Authentication

When users sign up for Revision, we create a user record in our database that includes:

  • First and last name
  • Email address
  • Hashed password (using bcrypt)

When a user signs in, we generate an encrypted session token stored in browser cookies.

Encryption

All application pages are encrypted with TLS 1.3 via certificates managed by Render.com, our infrastructure provider.

Infrastructure

Our application and database are hosted with Render.com, primarily in Frankfurt, Germany.

Learn more about their security practices:

Logging

Application logs are stored in Logtail and retained for 30 days. All data sent to Logtail is encrypted in transit.

Software Development Practices

We value shipping software at high velocity, but not so fast that we sacrifice quality or, most importantly, data security. All code is subject to peer review via GitHub Pull Requests. We maintain a rigorous automated test suite and linters that are enforced via continuous integration before deployment.

How do I report a potential vulnerability or security concern?

Please email us at support@revision.app! We do not provide compensation for independent reports at this time.